System and method for secure message key caching in a mobile communication device

ABSTRACT

A method and system are provided for processing encrypted messages at a mobile device. A mobile device receives an encrypted message that comprises encrypted content as well as encryption information for accessing the encrypted content. At the mobile device, the encryption accessing information is obtained and stored to memory. The encryption accessing information is retrieved from memory in order to decrypt the encrypted content when the encrypted message is subsequently accessed.

CROSS-REFERENCE TO RELATED APPLICATION

[0001] This application claims priority to U.S. provisional application Serial No. 60/304,396 (entitled “System and Method for Secure Message Key Caching in a Mobile Communication Device” filed Jul. 10, 2001). By this reference, the full disclosure, including the drawings, of U.S. provisional application Serial No. 60/304,396 is incorporated herein.

BACKGROUND

[0002] 1. Technical Field

[0003] The present invention relates generally to the field of communications, and in particular toward processing secure messages on a mobile communication device.

[0004] 2. Description of the State of the Art

[0005] In many known secure message exchange schemes, signatures, encryption, or both are commonly used to ensure the integrity and confidentiality of information being transferred from a sender to a recipient. In an e-mail system for example, the sender of an e-mail message could either sign the message, encrypt the message or both sign and encrypt the message. These actions may be performed using such standards as Secure Multipurpose Internet Mail Extensions (S/MIME), Pretty Good Privacy™ (PGP™), OpenPGP and many other secure e-mail standards.

[0006] When an encrypted message is received, it is decrypted before being displayed or otherwise processed. Decryption is a processor-intensive operation which, on a wireless mobile communication device (“mobile device”) with limited processing resources, tends to take a relatively long time. Such time delays may be unacceptable for many mobile device users.

[0007] Since the content of encrypted messages should generally remain secure even after receipt, such messages are normally saved to long term storage only in encrypted form. Therefore, each time a received encrypted message is to be opened or displayed for example, the decryption operations are to be repeated. Those skilled in the art will appreciate that there are often two decryption operations that are performed to decrypt the content of many types of encrypted messages such as S/MIME or PGP e-mail messages for example. The key which is used to decrypt the message, referred to as the session key, is first decrypted using a key associated with the recipient. The decrypted session key is then used to decrypt the message. Of these two decryption operations, decryption of the session key, which typically involves public key cryptographic operations, may require a user to enter a password or passphrase, and may be more processor intensive than the actual message decryption. As described above, these operations must normally be repeated each time the message is opened, displayed or accessed, resulting in possibly significant delays in message-related functions.

SUMMARY

[0008] In accordance with the teachings provided herein, a method and system are provided for processing encrypted messages at a mobile device. A mobile device receives an encrypted message that comprises encrypted content as well as encryption accessing information for accessing the encrypted content. At the mobile device, the encryption accessing information is obtained and stored to memory. The encryption accessing information is retrieved from memory in order to decrypt the encrypted content when the encrypted message is subsequently accessed.

[0009] When addressed to a plurality of receivers, an encrypted message may include more than one session key. The encrypted message may also be signed by a sender before or after the message is encrypted, such that a receiver verifies a signature either after or before the encrypted content is decrypted. The received messages may be e-mail messages that have been encrypted using S/MIME, PGP, OpenPGP or other secure e-mail standards.

[0010] As will be appreciated, the invention is capable of other and different embodiments, and its several details are capable of modifications in various respects, all without departing from the spirit of the invention. Accordingly, the drawings and description of preferred embodiments set forth below are to be regarded as illustrative in nature and not restrictive.

BRIEF DESCRIPTION OF THE DRAWINGS

[0011] FIG. 1 is an overview of an example communication system in which a wireless mobile communication device may be used.

[0012] FIG. 2 is a block diagram of a further example communication system including multiple networks and multiple mobile devices.

[0013] FIG. 3 illustrates a system for transferring messages that were encrypted and possibly signed using S/MIME or similar techniques.

[0014] FIG. 4 is a flow diagram representing a method for initial processing of a secure message.

[0015] FIG. 5 is a flow diagram of a secure message processing method for previously decrypted messages.

[0016] FIGS. 6 and 7 are block diagrams depicting processing of messages involving a mobile device.

[0017] FIG. 8 is a block diagram showing an example communication system.

[0018] FIG. 9 is a block diagram of an alternative example communication system.

[0019] FIG. 10 is a block diagram of another alternative communication system.

[0020] FIG. 11 is a block diagram of an example mobile device.

DETAILED DESCRIPTION OF THE DRAWINGS

[0021] FIG. 1 is an overview of an example communication system in which a wireless mobile communication device may be used. One skilled in the art will appreciate there may be hundreds of different topologies, but the system shown in FIG. 1 helps demonstrate the operation of the secure message processing systems and methods described in the present application. There may also be many message senders and recipients. The system shown in FIG. 1 is for illustrative purposes only, and shows perhaps the most prevalent Internet e-mail environment where security is not generally used.

[0022] FIG. 1 shows an e-mail sender 10, the Internet 20, a message server system 40, a wireless gateway 85, wireless infrastructure 90, a wireless network 105 and a mobile communication device 100.

[0023] An e-mail sender system 10 may, for example, be connected to an ISP (Internet Service Provider) on which a user of the system 10 has an account, located within a company, possibly connected to a local area network (LAN), and connected to the Internet 20, or connected to the Internet 20 through a large ASP (application service provider) such as America Online (AOL). Those skilled in the art will appreciate that the systems shown in FIG. 1 may instead be connected to a wide area network (WAN) other than the Internet, although e-mail transfers are commonly accomplished through Internet-connected arrangements as shown in FIG. 1.

[0024] The message server 40 may be implemented on a network computer within the firewall of a corporation, a computer within an ISP or ASP system or the like, and acts as the main interface for e-mail exchange over the Internet 20. Although other messaging systems might not require a message server system 40, a mobile device 100 configured for receiving and possibly sending e-mail will normally be associated with an account on a message server. Two common message servers are Microsoft Exchange™ and Lotus Domino™. These products are often used in conjunction with Internet mail routers that route and deliver mail. These intermediate components are not shown in FIG. 1, as they do not directly play a role in the secure message processing described below. Message servers such as server 40 typically extend beyond just e-mail sending and receiving; they also include dynamic database storage engines that have predefined database formats for data like calendars, to-do lists, task lists, e-mail and documentation.

[0025] The wireless gateway 85 and infrastructure 90 provide a link between the Internet 20 and wireless network 105. The wireless infrastructure 90 may determine the most likely network for locating a given user and track users as they roam between countries or networks. A message is then delivered to the mobile device 100 via wireless transmission, typically at a radio frequency (RF), from a base station in the wireless network 105 to the mobile device 100. The particular network 105 may be virtually any wireless network over which messages may be exchanged with a mobile communication device.

[0026] As shown in FIG. 1, a composed e-mail message 15 is sent by the e-mail sender 10, located somewhere on the Internet 20. This message 15 is normally fully in the clear and uses traditional Simple Mail Transfer Protocol (SMTP), RFC822 headers and Multipurpose Internet Mail Extension (MIME) body parts to define the format of the mail message. These techniques are all well known to those skilled in the art. The message 15 arrives at the message server 40 and is normally stored in a message store. Most known messaging systems support a so-called “pull” message access scheme, wherein a mobile device requests that stored messages be forwarded by the message server to the device. Some systems provide for automatic routing of such messages which are addressed using a specific e-mail address associated with the mobile device. Messages addressed to a message server account associated with a host system, such as a home computer or office computer which belongs to the user of a mobile device 100, may be redirected from the message server 40 to the mobile device 100 as they are received.

[0027] Regardless of the specific mechanism controlling the forwarding of messages to a mobile device 100, the message 15, or possibly a translated or reformatted version thereof, is sent to the wireless gateway 85. The wireless infrastructure 90 includes a series of connections to wireless network 105. These connections could be Integrated Services Digital Network (ISDN), Frame Relay or T1 connections using the TCP/IP protocol used throughout the Internet. The term “wireless network” may include different types of networks, such as (1) data-centric wireless networks, (2) voice-centric wireless networks and (3) dual-mode networks that can support both voice and data communications over the same physical base stations. The newest of these combined dual-mode networks include, but are not limited to (1) modern Code Division Multiple Access (CDMA) networks, (2) the Groupe Special Mobile or the Global System for Mobile Communications (GSM) and the General Packet Radio Service (GPRS) network both developed by the standards committee of CEPT, and (3) the future third-generation (3G) networks like Enhanced Data-rates for Global Evolution (EDGE) and Universal Mobile Telecommunications Systems (UMTS). GPRS is a data overlay on the very popular GSM wireless network, operating in virtually every country in Europe. Some older examples of data-centric networks include the Mobitex™ Radio Network, and the DataTAC™ Radio Network. Examples of older voice-centric data networks include Personal Communication Systems (PCS) networks like GSM and TDMA systems that have been available in North America and world-wide for nearly 10 years.

[0028] FIG. 2 is a block diagram of a further example communication system including multiple networks and multiple mobile devices. The system of FIG. 2 is substantially similar to the FIG. 1 system, but includes a host system 30, a redirection program 45, a mobile device cradle 65, a wireless virtual private network (VPN) router 75, an additional wireless network 110 and multiple mobile devices 100. As described above in conjunction with FIG. 1, FIG. 2 represents an overview of a sample network topology. Although the secure message processing systems and methods described herein may be applied to networks having many different topologies, the network of FIG. 2 is useful in understanding an automatic e-mail redirection system mentioned briefly above.

[0029] The central host system 30 will typically be a corporate office or other LAN, but may instead be a home office computer or some other secure system where mail messages are being exchanged. Within the host system 30 is the message server 40, running on some computer within the firewall of the host system, that acts as the main interface for the host system to exchange e-mail with the Internet 20. In the system of FIG. 2, the redirection program 45 enables redirection of data items from the server 40 to a mobile device 100. Although the redirection program 45 is shown to reside on the same machine as the message server 40 for ease of presentation, there is no requirement that it must reside on the message server. The redirection program 45 and the message server 40 are designed to co-operate and interact to allow the pushing of information to mobile devices 100. In this installation, the redirection program 45 takes confidential and non-confidential corporate information for a specific user and redirects it out through the corporate firewall to mobile devices 100. A more detailed description of the redirection software 45 may be found in the commonly assigned U.S. Pat. No. 6,219,694 (“the ′694 Patent”), entitled “System and Method for Pushing Information From A Host System To A Mobile Data Communication Device Having A Shared Electronic Address”, and issued to the assignee of the instant application on Apr. 17, 2001, and U.S. patent applications Ser. No. 09/401,868, Ser. No. 09/545,963, Ser. No. 09/528,495, Ser. No. 09/545,962, and Ser. No. 09/649,755, all of which are hereby incorporated into the present application by reference. This push technique may use a wireless friendly encoding, compression and encryption technique to deliver all information to a mobile device, thus effectively extending the security firewall to include each mobile device 100 associated with the host system.

[0030] As shown in FIG. 2, there may be many alternative paths for getting information to the mobile device 100. One method for loading information onto the mobile device 100 is through a designated port 50, using a device cradle 65. This method tends to be useful for bulk information updates often performed at initialization of a device 100 with the host system or a computer 35 within the system 30. The other main method for data exchange is over-the-air using wireless networks to deliver the information. As shown in FIG. 2, this may be accomplished through a wireless VPN router 75 or through a traditional Internet connection 95 to a wireless gateway 85 and a wireless infrastructure 90, as described above. The concept of a wireless VPN router 75 is new in the wireless industry and implies that a VPN connection could be established directly through a specific wireless network 110 to a wireless device 100. The possibility of using a wireless VPN router 75 has only recently been available and could be used when the new Internet Protocol (IP) Version 6 (IPV6) arrives into IP-based wireless networks. This new protocol will provide enough IP addresses to dedicate an IP address to every mobile device 100 and thus make it possible to push information to a mobile device 100 at any time. A principal advantage of using this wireless VPN router 75 is that it could be an off-the-shelf VPN component, thus it would not require a separate wireless gateway 85 and wireless infrastructure 90 to be used. A VPN connection may be a Transmission Control Protocol (TCP)/IP or User Datagram Protocol (UDP)/IP connection to deliver the messages directly to the mobile device 100. If a wireless VPN 75 is not available then a link 95 to the Internet 20 is the most common connection mechanism available and has been described above.

[0031] In the automatic redirection system of FIG. 2, a composed e-mail message 15 leaving the e-mail sender 10 arrives at the message server 40 and is redirected by the redirection program 45 to the mobile device 100. As this redirection takes place, the message 15 is re-enveloped, as indicated at 80, and a possibly proprietary compression and encryption algorithm can then be applied to the original message 15. In this way, messages being read on the mobile device 100 are no less secure than if they were read on a desktop workstation such as 35 within the firewall. All messages exchanged between the redirection program 45 and the mobile device 100 may use this message repackaging technique. Another goal of this outer envelope is to maintain the addressing information of the original message except the sender's and the receiver's address. This allows reply messages to reach the appropriate destination, and also allows the “from” field to reflect the mobile user's desktop address. Using the user's e-mail address from the mobile device 100 allows the received message to appear as though the message originated from the user's desktop system 35 rather than the mobile device 100.

[0032] Turning back to the port 50 and cradle 65 connectivity to the mobile device 100, this connection path offers many advantages for enabling one-time data exchange of large items. For those skilled in the art of personal digital assistants (PDAs) and synchronization, the most common data exchanged over this link is Personal Information Management (PIM) data 55. When exchanged for the first time this data tends to be large in quantity, bulky in nature and requires a large bandwidth to get loaded onto the mobile device 100 where it can be used on the road. This serial link may also be used for other purposes, including setting up a private security key 210 such as an S/MIME specific private key, the Certificate (Cert) of the user and their Certificate Revocation Lists (CRLs) 60. The private key may be exchanged so that the desktop 35 and mobile device 100 share one personality and one method for accessing all mail. The Cert and CRLs are normally exchanged because they represent the largest part of S/MIME, PGP and other public key security methods. A certificate chain involves an individual getting a Cert and then including other Certs to verify the original Cert. Eventually in the Cert chain the receiver of the message is able to confirm a root Cert from a trusted source, perhaps from a large Public Key Server (PKS) associated with a Certificate Authority (CA) such as Verisign or Entrust for example, both prominent companies in the area of public key cryptography. Once such a root Cert is found, a signature can be verified and trusted, since both the sender and receiver trust the source of the root Cert, Verisign for example.

[0033] Although the secure message processing systems and methods described herein are in no way dependent upon pre-loading of information from a host computer or a computer 35 in a host system 30 through a port arrangement, such pre-loading of typically bulky information such as Certs and CRLs may facilitate transmission of secure messages to mobile devices 100. If an alternate mechanism for transferring secure messages such as S/MIME or PGP e-mail messages to a mobile communication device is available, the secure messages may be processed as described herein.

[0034] Having described several typical communication network arrangements, the transfer and processing of secure e-mail messages will now be described in further detail.

[0035] Secure e-mail messages generated using the S/MIME and PGP techniques normally include encrypted information, a session key which is used to decrypt the encrypted information and possibly a digital signature. This is generally referred to in the art as the hybrid approach, in that information content is encrypted using a less intensive session key and encryption algorithm, whereas the more processor-intensive public key crypto is used to encrypt only the session key in order to send the session key to the device. Those skilled in the art will appreciate that S/MIME messages might only be signed and not necessarily be encrypted; however, the processing systems and methods described herein are applicable to encrypted messages, whether signed or not signed.

[0036] A digital signature may, for example, be generated by a message sender by taking a digest of a message and signing the digest using the sender's private key. A digest may be a check-sum, CRC or other non-reversible operation such as a hash on the message, which is then signed. The signed digest, the Cert of the sender, and any chained Certs and CRLs may all be appended to the outgoing message. The receiver of this signed message also takes a digest of the message, then retrieves the sender's public key, checks the Cert and CRLs to ensure that the Cert is valid and trusted, and verifies the digest signature. Finally, the two digests are compared to see if they match. If the message content has been changed, then the digests will be different or the digest signature will not be verified. A digital signature does not prevent anyone from seeing the contents of the message, but does ensure the message has not been tampered with and is from the actual person as indicated on the ‘From’ field of the message.

[0037] In encrypted S/MIME message operations, a one-time session key is generated and used for each message, and is never re-used for other messages. The session key is then further encrypted using the receiver's public key. If the message is addressed to more than one receiver, the same session key is encrypted using the public key of each receiver. Only when all receivers have an encoded session key is the message then sent to each receiver. Since the e-mail retains only one form, all encrypted session keys are sent to every receiver, even though they cannot use these other session keys. Each receiver then locates its own session key, possibly based on a generated recipient information summary of the receivers that may be attached to the message, and decrypts the session key using its private key. Once the session key is decrypted, it is then used to decrypt the message body. The S/MIME recipient information attachment can also specify a particular encryption scheme that is used to decrypt the message. This information is normally placed in the header of the S/MIME message.

[0038] As mentioned briefly above, the secure message processing systems and methods described herein relate primarily to encrypted messages, which may or may not be signed. An encrypted message as processed herein may be encrypted and not signed, encrypted and then signed, or signed and then encrypted.

[0039] Referring now to FIG. 3, secure message transfer will be described in further detail. FIG. 3 illustrates a system for transferring messages that were encrypted and possibly signed using S/MIME or similar techniques. FIG. 3 shows an encrypted and signed message as an illustrative example only. The secure message processing systems and methods described herein may be applied to both signed and unsigned encrypted messages.

[0040] In FIG. 3, User X at system 10 creates a mail message 15 and decides to encrypt and sign the message. To achieve this, the system 10 first creates a session key and encrypts the message. Then the public key for each recipient is retrieved from either local storage or a Public Key Server (PKS) (not shown) on the Internet 20, for example, if public key cryptography is used. Other crypto schemes may instead be used, although public key cryptography tends to be common, particularly when a system includes a large number of possible correspondents. In a system such as shown in FIG. 3, there may be millions of e-mail systems such as 10 that may from time to time wish to exchange messages with any other e-mail systems. Public key cryptography provides for efficient key distribution among such large numbers of correspondents. For each recipient, the session key is encrypted, as shown at A, B and C for three intended recipients, and attached to the message preferably along with the recipient information (e.g., RecipientInfo section). Once the encryption is complete, a digest of the new message, including the encrypted session keys, is taken and this digest is signed using the sender's private key. In the case where the message is signed first, a digest of the message would be taken without the encrypted session keys. This digest, along with all the signed components, would be encrypted using a session key and each session key would be further encrypted using each recipient's public key if public key crypto is used, or another key associated with each recipient if the sender is able to securely exchange e-mail with one or more recipients through some alternate crypto arrangement.

[0041] This encrypted and signed message 200, with the session keys 205 and digital signature and signature-related information 305, is sent to the message server 40 running on a computer system. As described above, the message server 40 may process the message and place it into the appropriate user's mailbox. Depending upon the mobile device e-mail access scheme, a device 100 may request the e-mail from the message server 40, or redirection software 45 (see FIG. 2) may detect the new message and begin the redirection process to forward the new e-mail message to each recipient that has a mobile device 100. Alternatively, the e-mail message and attachments may possibly be sent directly to a mobile device 100 instead of or in addition to a message server system. Any of the transfer mechanisms described above may be used, including over the Internet 20 through a wireless gateway and infrastructure 85/90 and one or more wireless networks 110, or through the Internet 20 and wireless network 110 using a wireless VPN router 75 (FIG. 2). Other transfer mechanisms that are currently known or may become available in the future may also be used to send the message and attachments to a mobile device 100.

[0042] FIG. 3 illustrates receipt of the entire message on each mobile device 100. Before the message is sent to a mobile device 100, the signature or encryption sections of the message may instead be re-organized and only the necessary portions sent to each mobile device 100, as described in detail in U.S. patent applications Ser. No. 60/297,681, titled “An Advanced System and Method for Compressing Secure E-Mail for Exchange with a Mobile Data Communication Device”, filed on Jun. 12, 2001, and Ser. No. 60/365535, titled “Advanced System And Method For Compressing Secure E-Mail For Exchange With A Mobile Data Communication Device”, filed on Mar. 20, 2002, both assigned to the assignee of the present application and incorporated in their entirety herein by reference. These earlier applications disclose several schemes for rearranging secure messages and limiting the amount of information sent to a mobile device. For example, in accordance with one scheme described in the above applications, the message server system determines the appropriate session key for each mobile device and sends only that encrypted session key with the message to the mobile device. The above applications also disclose techniques for limiting signature-related information that is to be sent to a mobile device with an encrypted and signed message. For example, a message server may verify a digital signature in a signed message and send the mobile device the result of the verification.

[0043] Although FIG. 3 shows entire messages, with all encrypted session keys and signature-related attachments, at each mobile device 100, the present encrypted message processing techniques require only that the encrypted session key be forwarded to the mobile device with the message. Other encrypted session keys and signature information may or may not necessarily be received at the mobile device. For example, when an encrypted message includes a plurality of encrypted session keys associated with different recipients, the encrypted message may be reorganized prior to transmission to a mobile device 100 such that the encrypted message is transmitted to the mobile device containing only the encrypted session key associated with the mobile device. Referring again to FIG. 3, the message server 40 may, for example, determine the encrypted session key associated with the mobile device of User A, and reorganize the received encrypted message such that the encrypted message is sent to User A's mobile device 100 without containing an encrypted session key that is not associated with User A or User A's mobile device 100.

[0044] If the message is not signed, such that X's signature and other signature-related information including X's CRLs, X's Cert and other chained Certs would not be part of the message, or the message was signed before it was encrypted, then when a user of a mobile device 100 opens the message, the appropriate encrypted session key is found and decrypted. However, if the message was signed after being encrypted then the signature is preferably first verified and the correct session key is then found and decrypted. As those skilled in the art will appreciate, session key decryption commonly involves the further security operation of entering a password or passphrase preferably known only to the user of a mobile device.

[0045] When the session key is decrypted, it is stored in a temporary storage area such as in a random access memory (RAM) on a mobile device 100. The next time the message is opened, the stored version of the decrypted key is retrieved from memory. In known systems, the session key is decrypted, after a password or passphrase is entered, each time an encrypted message is opened. By storing the decrypted key in memory, only a memory access operation, which would be much faster than a key decryption operation, is performed to subsequently decrypt an encrypted message for which a session key has already been decrypted.

[0046] The temporary storage area in which the decrypted session key is stored is preferably in a volatile and non-persistent store. The decrypted key may, for example, be stored for only a particular period of time, which may preferably be set by a user. A single key storage time period may be set and applied to all messages, although more customized settings are also contemplated. Particularly sensitive messages that normally arrive from certain senders or from senders whose e-mail addresses have the same domain name, for example, may have a specific, relatively short decrypted session key storage period, whereas decrypted session keys for encrypted e-mails received from other senders, perhaps personal contacts, may be stored for a longer period of time. Alternatively, a user may be prompted for a storage time period each time a message is opened or closed. The decrypted key storage feature might also be disabled for certain messages or messages received from certain senders. Session key storage operations may possibly be automatically controlled by detection of specific predetermined keywords in a message. For example, the text “Top Secret” in an e-mail subject line may be detected by the device when the e-mail is decrypted and prevent the decrypted session key from being stored or delete the session key from storage if it had already been stored.

[0047] The particular criteria controlling decrypted session key storage may be determined in accordance with the desired level of security of encrypted messages at a mobile device. Storage of the session key represents a trade-off between usability and security. Longer key storage intervals improve usability at the cost of decreased security, since an encrypted message may be decrypted for a longer period of time after first being decrypted without having to decrypt the session key. A shorter key storage interval reduces the amount of time that encrypted message contents remain accessible to an unauthorized user of a device. When the decrypted session key is removed from storage, an unauthorized user would preferably be required to first correctly enter the device user's password or passphrase in order to decrypt and view encrypted message content.
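The storage rules of paragraphs [0045] to [0047] as a volatile, policy-controlled key store, written here as an added example; this is not the patent's own code, and the class, method and field names (StoragePolicy, SessionKeyCache, the sample sender addresses) are assumptions. Time is supplied by the caller in seconds so the per-sender, per-domain, keyword and expiry behaviour can be exercised without a real clock.

```python
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, Optional, Tuple


@dataclass
class StoragePolicy:
    """Decides whether, and for how long (seconds), a decrypted session key may be kept."""
    default_ttl: float = 600.0
    per_sender_ttl: Dict[str, float] = field(default_factory=dict)   # "bob@example.org" -> ttl
    per_domain_ttl: Dict[str, float] = field(default_factory=dict)   # "example.org" -> ttl
    never_cache_senders: FrozenSet[str] = frozenset()
    blocking_keywords: Tuple[str, ...] = ("top secret",)             # matched in the subject

    def ttl_for(self, sender: str, subject: str) -> Optional[float]:
        """Storage interval for this message, or None when the key must not be stored.
        Order of precedence: sender block list, subject keyword, per-sender, per-domain, default."""
        sender = sender.lower()
        if sender in self.never_cache_senders:
            return None
        if any(kw in subject.lower() for kw in self.blocking_keywords):
            return None
        if sender in self.per_sender_ttl:
            return self.per_sender_ttl[sender]
        domain = sender.rsplit("@", 1)[-1]
        if domain in self.per_domain_ttl:
            return self.per_domain_ttl[domain]
        return self.default_ttl


class SessionKeyCache:
    """Volatile store of decrypted session keys, keyed by message id. Nothing is ever
    written to persistent storage, so a device reset empties it. `now` is a caller-supplied
    monotonic time in seconds (assumption made for testability)."""

    def __init__(self, policy: StoragePolicy):
        self.policy = policy
        self._entries: Dict[str, Tuple[bytearray, float]] = {}

    def store(self, msg_id: str, session_key: bytes, sender: str, subject: str, now: float) -> bool:
        """Keep the key per policy; returns True if it was stored. A rule that forbids storage
        also evicts a copy cached earlier for the same message (the "Top Secret" case)."""
        ttl = self.policy.ttl_for(sender, subject)
        if ttl is None:
            self.forget(msg_id)
            return False
        self._entries[msg_id] = (bytearray(session_key), now + ttl)
        return True

    def lookup(self, msg_id: str, now: float) -> Optional[bytes]:
        """Return the key if present and unexpired; an expired key is wiped and None returned."""
        entry = self._entries.get(msg_id)
        if entry is None:
            return None
        key, expires_at = entry
        if now >= expires_at:
            self.forget(msg_id)
            return None
        return bytes(key)

    def forget(self, msg_id: str) -> None:
        """Drop one key, overwriting its buffer first (best effort in a managed runtime)."""
        entry = self._entries.pop(msg_id, None)
        if entry is not None:
            entry[0][:] = b"\x00" * len(entry[0])

    def purge_expired(self, now: float) -> int:
        """Housekeeping hook (timer, device lock); returns the number of keys removed."""
        expired = [m for m, (_, exp) in self._entries.items() if now >= exp]
        for m in expired:
            self.forget(m)
        return len(expired)

    def clear(self) -> int:
        """Wipe every cached key, e.g. when the device locks or powers down."""
        return self.purge_expired(float("inf"))
```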

[0048] FIG. 4 is a flow diagram representing a method for initial processing of a secure message. At step 402, a received encrypted message is accessed for the first time. If the received message was signed by the sender after being encrypted, as determined at step 404, then the device will attempt to verify the digital signature. If the digital signature is properly verified at step 406, for example by determining a match between digests as described above, processing continues at step 410. Otherwise, the user will typically be given some indication that the signature verification failed, at step 408. Depending upon the particular signature scheme implemented or perhaps in response to a user selection to end processing, a message might not be further processed if the signature cannot be verified, and processing ends at step 418. However, in certain circumstances, the user may wish to proceed to view or otherwise process the message, even though the digests do not match and thus the message content may have been altered after the sender signed the message.

[0049] If the message was not signed after being encrypted (step 404), when the digital signature is verified (step 406), or processing should continue after a failed signature verification attempt (step 408), the receiving device then locates its corresponding session key in the message at step 410. However, if the session key could not be found or the key required to decrypt the session key is not available, as determined at step 412, for example if the user does not input a correct password or passphrase, then the device cannot decrypt the session key or the message (414) and an error is preferably returned to the user at step 416. When a session key is found and the required decryption key is available (i.e. a correct password or passphrase is entered) on the device, the session key is then decrypted at step 420 and used to decrypt the message, at step 422. The decrypted session key is then preferably stored to a non-persistent store at step 424. Any determinations relating to whether or not the decrypted session key should be stored or for how long the decrypted key should be stored would be performed as part of step 424.

[0050] Where the message was signed by the sender before being encrypted, as determined at step 426, the digital signature is preferably verified at steps 428 and 430, substantially as described above in reference to steps 406 and 408. The decrypted message is then displayed or processed at step 432, if the message was not signed after being encrypted, after the signature is verified, or when processing should continue after a signature verification failure. The process ends at step 418.

[0051] FIG. 5 is a flow diagram of a secure message processing method for previously decrypted messages. Step 502 represents an operation of accessing an encrypted message that has previously been decrypted. New encrypted messages are processed as described above and shown in FIG. 4. Since the message being accessed in step 502 has previously been decrypted, a post-encryption digital signature appended to the message may have already been verified. If not, or if the signature should be verified again, for example where a new CRL has been loaded onto the device, a positive determination is made at step 504. At step 506, signature verification operations are performed. Steps 508 and 510 operate substantially as described above in reference to the signature verification steps 406 and 408 in FIG. 4. Where the signature cannot be verified, processing may either end at step 511 or continue at step 512.

[0052] If the digital signature need not be verified, is verified, or processing should continue even if a digital signature could not be verified, then the mobile device, or more likely crypto software operating on the mobile device, checks to see if the decrypted session key for the message is currently in storage, at step 512. As described above, the session key is preferably stored in a non-persistent store and may be stored for a certain time period. If a time period has expired, the device has lost power or been turned off since the session key was stored, or the session key was not stored at all, then processing reverts to initial message processing at step 410 (FIG. 4), as indicated at 514. Since the session key is not in memory, it is decrypted again in order to decrypt the message.

[0053] When the decrypted session key is found in storage, then the stored decrypted key is used to decrypt the message at step 516. The session key decryption operation is avoided and the message can thereby be displayed or processed much more quickly than in known secure message processing schemes. As above, if the message was signed before encryption, the digital signature may or may not be verified (518, 520, 522, 524) before the message or its contents are displayed or processed at step 526.
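The following is an added illustration, not code from the patent: it implements the storage-period rules of [0046] and [0047] (user-set default, shorter periods per sender domain, senders with caching disabled, subject keywords such as “Top Secret”) together with the access flow of FIGS. 4 and 5 (cache hit at step 516; miss, expiry or power loss reverting to steps 410-424, including the passphrase failure of step 416). Signature steps are omitted, and the ciphers, the PBKDF2 passphrase key and all message contents are constructed stand-ins, not the invention's actual cryptography.

```python
import hashlib, hmac, os, time
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Set, Tuple


def _keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher (constructed for this example, NOT secure): XOR
    with a SHA-256 counter keystream; encrypting and decrypting are the same op."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def _kek(password: str, msg_id: str) -> bytes:
    """Key-encryption key from the user's passphrase: the 'key required to
    decrypt the session key' of step 412 (PBKDF2 stands in for a private key)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), msg_id.encode(), 10_000)

@dataclass
class EncryptedMessage:
    msg_id: str
    sender: str
    subject: str
    wrapped_key: bytes    # session key encrypted under the KEK, followed by a 16-byte tag
    ciphertext: bytes     # message content encrypted under the session key

def make_message(msg_id, sender, subject, body: bytes, password: str) -> EncryptedMessage:
    """Constructed sender side: a fresh session key per message, wrapped for the recipient."""
    session_key, kek = os.urandom(32), _kek(password, msg_id)
    tag = hmac.new(kek, session_key, "sha256").digest()[:16]
    return EncryptedMessage(msg_id, sender, subject,
                            _keystream_xor(kek, session_key) + tag,
                            _keystream_xor(session_key, body))

@dataclass
class CachePolicy:
    """Storage-period rules of [0046]: a user-set default, shorter periods for
    sensitive sender domains, senders with caching disabled, subject keywords."""
    default_ttl: float = 600.0
    domain_ttl: Dict[str, float] = field(default_factory=dict)
    disabled_senders: Set[str] = field(default_factory=set)
    keywords: Tuple[str, ...] = ("top secret",)

    def storage_period(self, msg: EncryptedMessage) -> Optional[float]:
        """Seconds to keep the decrypted session key, or None for 'do not store'."""
        if msg.sender in self.disabled_senders:
            return None
        if any(k in msg.subject.lower() for k in self.keywords):
            return None
        return self.domain_ttl.get(msg.sender.rsplit("@", 1)[-1], self.default_ttl)

class SessionKeyCache:
    """Volatile, non-persistent store of decrypted session keys (step 424)."""

    def __init__(self, policy: CachePolicy, clock: Callable[[], float] = time.monotonic):
        self._policy, self._clock = policy, clock
        self._entries: Dict[str, Tuple[bytes, float]] = {}

    def store(self, msg: EncryptedMessage, session_key: bytes) -> bool:
        ttl = self._policy.storage_period(msg)
        if ttl is None:
            self._entries.pop(msg.msg_id, None)  # keyword hit also evicts an earlier copy
            return False
        self._entries[msg.msg_id] = (session_key, self._clock() + ttl)
        return True

    def lookup(self, msg_id: str) -> Optional[bytes]:
        entry = self._entries.get(msg_id)
        if entry is None:
            return None
        key, expires_at = entry
        if self._clock() >= expires_at:  # period expired: same as never stored (514)
            del self._entries[msg_id]
            return None
        return key

    def power_off(self) -> None:
        """Losing power or switching the device off empties the volatile store."""
        self._entries.clear()

def open_message(msg: EncryptedMessage, cache: SessionKeyCache,
                 password_prompt: Callable[[], Optional[str]]) -> Tuple[bytes, bool]:
    """Returns (plaintext, session_key_was_decrypted_now); signature steps omitted.
    Cache hit: FIG. 5 step 516. Miss, expiry or power loss: FIG. 4 steps 410-424."""
    session_key = cache.lookup(msg.msg_id)
    if session_key is not None:
        return _keystream_xor(session_key, msg.ciphertext), False
    password = password_prompt()
    if password is None:
        raise PermissionError("no passphrase: session key cannot be decrypted (step 416)")
    kek = _kek(password, msg.msg_id)
    wrapped, tag = msg.wrapped_key[:-16], msg.wrapped_key[-16:]
    session_key = _keystream_xor(kek, wrapped)
    if not hmac.compare_digest(hmac.new(kek, session_key, "sha256").digest()[:16], tag):
        raise PermissionError("wrong passphrase: session key cannot be decrypted (step 416)")
    cache.store(msg, session_key)  # step 424, subject to the storage policy
    return _keystream_xor(session_key, msg.ciphertext), True
```

The `clock` parameter exists so the expiry behaviour can be exercised deterministically; on a device it would be the monotonic clock, which also makes a power cycle look like an expiry.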

[0054] Those skilled in the art will appreciate that a secure message processing method need not necessarily include all of the steps shown in FIGS. 4 and 5 or may include further steps and operations in addition thereto. If the secure messaging scheme does not involve signatures, then the signature verification steps would not be executed. The operations may also be performed in a different order. For example, the decrypted session key may be stored before the message is decrypted. Other variations of the methods and systems described above will be apparent to those skilled in the art and as such are considered to be within the scope of the invention.

[0055] For example, although described primarily in the context of a mobile communication device, the encrypted message processing systems and methods described above may reduce processor load and time delays associated with viewing or otherwise accessing encrypted messages for which respective session keys have been previously decrypted. Session key decryption operations tend to involve much smaller time delays on desktop computer systems which typically have faster and much more powerful processors than smaller hand-held and portable devices. The power consumption associated with such processor intensive decryption operations also tends to be less of a concern in desktop or other larger computer systems with virtually unlimited power sources. However, the systems and methods described above may nonetheless provide for faster and less intensive encrypted message decryption in such systems.

[0056] As further examples of the wide scope of the systems and methods described herein, FIGS. 6 and 7 illustrate additional situations where encrypted messages are handled by a mobile device. FIG. 6 depicts an example wherein a wireless connector system 606 transmits a message 604 from a sender 602 that is addressed to one or more message receivers. In this example, the sender's message 604 is an encrypted message that includes encrypted content and further includes encryption accessing information (e.g., a session key or other equivalent technique) which allows the decryption of the encrypted content.

[0057] The wireless connector system 606 may use a host system 608 in its transmission of the message 604 to a mobile device 614. The wireless connector system 606 may perform authentication and/or encryption message processing upon the sender's message 604, or the wireless connector system may be of the type that does not perform any authentication and/or encryption message processing.

[0058] The encrypted message 604 is then transmitted to the mobile device 614. The mobile device 614 extracts the message's encryption accessing information and uses a storage software module 622 to store the encryption accessing information 616 in memory 618 which is volatile and non-persistent. The memory 618 may include a message access data structure 620 to store the encryption accessing information 616 in the memory 618.

[0059] FIG. 7 depicts a message access data structure 620 where encrypted content is accessed multiple times. In this example, several messages' accessing information is stored in the message access data structure 620, such as encryption accessing information 710 for a first message and encryption accessing information 720 for a second message. If the encrypted contents of the first message are accessed multiple times as shown at 700, then the mobile device 614 uses an accessing software module 702 to retrieve the first message's encryption accessing information 710 from memory 618. The retrieved information 710 is used to decrypt the encrypted content for use by the user of the mobile device or by a software application that requested the content.

[0060] The system and method may be expanded to store digital signature verification information (712, 722) in the message access data structure 620. In this situation, the accessing software module 702 retrieves the first message's digital signature verification information 712 if the information is needed to verify a digital signature of the first message. Associations (714, 724) may be formed in the message access data structure 620 to indicate which encryption accessing information is associated with which digital signature verification. In this way, the accessing software module 702 may recognize which data is associated with which messages.

[0061] Still further examples of the wide scope of the systems and methods disclosed herein are illustrated in FIGS. 8-10. FIGS. 8-10 describe additional uses of the systems and methods within different exemplary communication systems. FIG. 8 is a block diagram showing an example communication system. In FIG. 8, there is shown a computer system 802, a WAN 804, corporate LAN 806 behind a security firewall 808, wireless infrastructure 810, wireless networks 812 and 814, and mobile devices 816 and 818. The corporate LAN 806 includes a message server 820, a wireless connector system 828, a data store 817 including at least a plurality of mailboxes 819, a desktop computer system 822 having a communication link directly to a mobile device such as through physical connection 824 to an interface or connector 826, and a wireless VPN router 832. Operation of the system in FIG. 8 will be described below with reference to the messages 833, 834 and 836.

[0062] The computer system 802 may, for example, be a laptop, desktop or palmtop computer system configured for connection to the WAN 804. Such a computer system may connect to the WAN 804 via an ISP or ASP. Alternatively, the computer system 802 may be a network-connected computer system that, like the computer system 822 for example, accesses the WAN 804 through a LAN or other network. Many modern mobile devices are enabled for connection to a WAN through various infrastructure and gateway arrangements, so that the computer system 802 may also be a mobile device.

[0063] The corporate LAN 806 is an illustrative example of a central, server-based messaging system that has been enabled for wireless communications. The corporate LAN 806 may be referred to as a “host system”, in that it hosts both a data store 817 with mailboxes 819 for messages, as well as possibly further data stores (not shown) for other data items, that may be sent to or received from mobile devices 816 and 818, and the wireless connector system 828, the wireless VPN router 832, or possibly other components enabling communications between the corporate LAN 806 and one or more mobile devices 816 and 818. In more general terms, a host system may be one or more computers at, with or in association with which a wireless connector system is operating. The corporate LAN 806 is one preferred embodiment of a host system, in which the host system is a server computer running within a corporate network environment operating behind and protected by at least one security communications firewall 808. Other possible central host systems include ISP, ASP and other service provider or mail systems. Although the desktop computer system 824 and interface/connector 826 may be located outside such host systems, wireless communication operations may be similar to those described below.

[0064] The corporate LAN 806 implements the wireless connector system 828 as an associated wireless communications enabling component, which will normally be a software program, a software application, or a software component built to work with at least one or more message server. The wireless connector system 828 is used to send user-selected information to, and to receive information from, one or more mobile devices 816 and 818, via one or more wireless networks 812 and 814. The wireless connector system 828 may be a separate component of a messaging system, as shown in FIG. 8, or may instead be partially or entirely incorporated into other communication system components. For example, the message server 820 may incorporate a software program, application, or component implementing the wireless connector system 828, portions thereof, or some or all of its functionality.

[0065] The message server 820, running on a computer behind the firewall 808, acts as the main interface for the corporation to exchange messages, including for example electronic mail, calendaring data, voice mail, electronic documents, and other PIM data with the WAN 804, which will typically be the Internet. The particular intermediate operations and computers will be dependent upon the specific type of message delivery mechanisms and networks via which messages are exchanged, and therefore have not been shown in FIG. 8. The functionality of the message server 820 may extend beyond message sending and receiving, providing such features as dynamic database storage for data like calendars, todo lists, task lists, e-mail and documentation, as described above.

[0066] Message servers such as 820 normally maintain a plurality of mailboxes 819 in one or more data stores such as 817 for each user having an account on the server. The data store 817 includes mailboxes 819 for a number of (“n”) user accounts. Messages received by the message server 820 that identify a user, a user account, a mailbox, or possibly another address associated with a user, account or mailbox 819 as a message recipient will typically be stored in the corresponding mailbox 819. If a message is addressed to multiple recipients or a distribution list, then copies of the same message may be stored to more than one mailbox 819. Alternatively, the message server 820 may store a single copy of such a message in a data store accessible to all of the users having an account on the message server, and store a pointer or other identifier in each recipient's mailbox 819. In typical messaging systems, each user may then access his or her mailbox 819 and its contents using a messaging client such as Microsoft Outlook or Lotus Notes, which normally operates on a PC, such as the desktop computer system 822, connected in the LAN 806. Although only one desktop computer system 822 is shown in FIG. 8, those skilled in the art will appreciate that a LAN will typically contain many desktop, notebook and laptop computer systems. Each messaging client normally accesses a mailbox 819 through the message server 820, although in some systems, a messaging client may enable direct access to the data store 817 and a mailbox 819 stored thereon by the desktop computer system 822. Messages may also be downloaded from the data store 817 to a local data store (not shown) on the desktop computer system 822.

[0067] Within the corporate LAN 806, the wireless connector system 828 operates in conjunction with the message server 820. The wireless connector system 828 may reside on the same computer system as the message server 820, or may instead be implemented on a different computer system. Software implementing the wireless connector system 828 may also be partially or entirely integrated with the message server 820. The wireless connector system 828 and the message server 820 are preferably designed to cooperate and interact to allow the pushing of information to mobile devices 816, 818. In such an installation, the wireless connector system 828 is preferably configured to send information that is stored in one or more data stores associated with the corporate LAN 806 to one or more mobile devices 816, 818, through the corporate firewall 808 and via the WAN 804 and one of the wireless networks 812, 814. For example, a user that has an account and associated mailbox 819 in the data store 817 may also have a mobile device, such as 816. As described above, messages received by the message server 820 that identify a user, account or mailbox 819 are stored to a corresponding mailbox 819 by the message server 820. If a user has a mobile device, such as 816, messages received by the message server 820 and stored to the user's mailbox 819 are preferably detected by the wireless connector system 828 and sent to the user's mobile device 816. This type of functionality represents a “push” message sending technique. The wireless connector system 828 may instead employ a “pull” technique, in which items stored in a mailbox 819 are sent to a mobile device 816, 818 responsive to a request or access operation made using the mobile device, or some combination of both techniques.

[0068] The use of a wireless connector 828 thereby enables a messaging system including a message server 820 to be extended so that each user's mobile device 816, 818 has access to stored messages of the message server 820. Although the systems and methods described herein are not restricted solely to a push-based technique, a more detailed description of push-based messaging may be found in the United States Patent and Applications incorporated by reference above. This push technique uses a wireless friendly encoding, compression and encryption technique to deliver all information to a mobile device, thus effectively extending the company firewall 808 to include the mobile devices 816, 818.

[0069] As shown in FIG. 8, there are several paths for exchanging information with a mobile device 816, 818 from the corporate LAN 806. One possible information transfer path is through the physical connection 824 such as a serial port, using an interface or connector 826. This path may be useful for example for bulk information updates often performed at initialization of a mobile device 816, 818 or periodically when a user of a mobile device 816, 818 is working at a computer system in the LAN 806, such as the computer system 822. For example, as described above, PIM data is commonly exchanged over such a connection, for example a serial port connected to an appropriate interface or connector 826 such as a cradle in or upon which a mobile device 816, 818 may be placed. The physical connection 824 may also be used to transfer other information from a desktop computer system 822 to a mobile device 816, 818, including private security keys (“private keys”) such as private encryption or signature keys associated with the desktop computer system 822, or other relatively bulky information such as Certs and CRLs, used in some secure messaging schemes such as S/MIME and PGP.

[0070] Private key exchange using a physical connection 824 and connector or interface 826 allows a user's desktop computer system 822 and mobile device 816 or 818 to share at least one identity for accessing all encrypted and/or signed mail. The user's desktop computer system 822 and mobile device 816 or 818 can also thereby share private keys so that either the host system 822 or mobile device 816 or 818 can process secure messages addressed to the user's mailbox or account on the message server 820. The transfer of Certs and CRLs over such a physical connection may be desirable in that they represent a large amount of the data that is required for S/MIME, PGP and other public key security methods. A user's own Cert, a chain of Cert(s) used to verify the user's Cert, and CRL as well as Certs, Cert chains and CRLs for other users, may be loaded onto a mobile device 816, 818 from the user's desktop computer system 822. This loading of other users' Certs and CRLs onto a mobile device 816, 818 allows a mobile device user to select other entities or users with whom they might be exchanging secure messages, and to pre-load the bulky information onto the mobile device through a physical connection instead of over the air, thus saving time and wireless bandwidth when a secure message is received from or to be sent to such other users, or when the status of a Cert is to be determined.

[0071] In known “synchronization” type wireless messaging systems, a physical path has also been used to transfer messages from mailboxes 819 associated with a message server 820 to mobile devices 816 and 818.

[0072] Another method for data exchange with a mobile device 816, 818 is over-the-air, through the wireless connector system 828 and using wireless networks 812, 814. As shown in FIG. 8, this could involve a Wireless VPN router 832, if available in the network 806, or, alternatively, a traditional WAN connection to wireless infrastructure 810 that provides an interface to one or more wireless networks 812, 814. The Wireless VPN router 832 provides for creation of a VPN connection directly through a specific wireless network 812 to a wireless device 816. Such a Wireless VPN router 832 may be used in conjunction with a static addressing scheme. For example, if the wireless network 812 is an IP-based wireless network, then IPV6 would provide enough IP addresses to dedicate an IP address to every mobile device 816 configured to operate within the network 812 and thus make it possible to push information to a mobile device 816 at any time. A primary advantage of using a wireless VPN router 832 is that it could be an off-the-shelf VPN component which would not require wireless infrastructure 810. A VPN connection may use a TCP/IP or UDP/IP connection to deliver messages directly to and from a mobile device 816.

[0073] If a wireless VPN router 832 is not available, then a link to a WAN 804, normally the Internet, is a commonly used connection mechanism that may be employed by the wireless connector system 828. To handle the addressing of the mobile device 816 and any other required interface functions, wireless infrastructure 810 is preferably used. The wireless infrastructure 810 may also determine a most likely wireless network for locating a given user, and track users as they roam between countries or networks. In wireless networks such as 812 and 814, messages are normally delivered to and from mobile devices 816, 818 via RF transmissions between base stations (not shown) and the mobile devices 816, 818.

[0074] A plurality of connections to wireless networks 812 and 814 may be provided, including, for example, ISDN, Frame Relay or T1 connections using the TCP/IP protocol used throughout the Internet. The wireless networks 812 and 814 could represent distinct, unique and unrelated networks, or they could represent the same network in different countries, and may be any of different types of networks, including but not limited to, data-centric wireless networks, voice-centric wireless networks, and dual-mode networks that can support both voice and data communications over the same or similar infrastructure, such as any of those described above.

[0075] In some implementations, more than one over-the-air information exchange mechanism may be provided in the corporate LAN 806. In the exemplary communication system of FIG. 8 for example, mobile devices 816, 818 associated with users having mailboxes 819 associated with user accounts on the message server 820 are configured to operate on different wireless networks 812 and 814. If the wireless network 812 supports IPv6 addressing, then the wireless VPN router 832 may be used by the wireless connector system 828 to exchange data with any mobile device 816 operating within the wireless network 812. The wireless network 814 may be a different type of wireless network, however, such as the Mobitex network, in which case information may instead be exchanged with a mobile device 818 operating within the wireless network 814 by the wireless connector system 828 via a connection to the WAN 804 and the wireless infrastructure 810.

[0076] Operation of the system in FIG. 8 will now be described using an example of an e-mail message 833 sent from the computer system 812 and addressed to at least one recipient having both an account and mailbox 819 or like data store associated with the message server 820 and a mobile device 816 or 818. However, the e-mail message 833 is intended for illustrative purposes only. The exchange of other types of information between the corporate LAN 806 is preferably also enabled by the wireless connector system 828.

[0077] The e-mail message 833, sent from the computer system 802 via the WAN 804, may be fully in the clear, or signed with a digital signature and/or encrypted, depending upon the particular messaging scheme used. For example, if the computer system 802 is enabled for secure messaging using S/MIME, then the e-mail message 833 may be signed, encrypted, or both.

[0078] E-mail messages such as 833 normally use traditional SMTP, RFC822 headers and MIME body parts to define the format of the e-mail message. These techniques are all well known to one in the art. The e-mail message 833 arrives at the message server 820, which determines into which mailboxes 819 the e-mail message 833 should be stored. As described above, a message such as the e-mail message 833 may include a user name, a user account, a mailbox identifier, or other type of identifier that may be mapped to a particular account or associated mailbox 819 by the message server 820. For an e-mail message 833, recipients are typically identified using e-mail addresses corresponding to a user account and thus a mailbox 819.

[0079] The wireless connector system 828 sends or mirrors, via a wireless network 812 or 814, certain user-selected data items or parts of data items from the corporate LAN 806 to the user's mobile device 816 or 818, preferably upon detecting that one or more triggering events has occurred. A triggering event includes, but is not limited to, one or more of the following: screen saver activation at a user's networked computer system 822, disconnection of the user's mobile device 816 or 818 from the interface 826, or receipt of a command sent from a mobile device 816 or 818 to the host system to start sending one or more messages stored at the host system. Thus, the wireless connector system 828 may detect triggering events associated with the message server 820, such as receipt of a command, or with one or more networked computer systems 822, including the screen saver and disconnection events described above. When wireless access to corporate data for a mobile device 816 or 818 has been activated at the LAN 806, for example when the wireless connector system 828 detects the occurrence of a triggering event for a mobile device user, data items selected by the user are preferably sent to the user's mobile device. In the example of the e-mail message 833, assuming that a triggering event has been detected, the arrival of the message 833 at the message server 820 is detected by the wireless connector system 828. This may be accomplished, for example, by monitoring or querying mailboxes 819 associated with the message server 820, or, if the message server 820 is a Microsoft Exchange server, then the wireless connector system 828 may register for advise syncs provided by the Microsoft Messaging Application Programming Interface (MAPI) to thereby receive notifications when a new message is stored to a mailbox 819.

[0080] When a data item such as the e-mail message 833 is to be sent to a mobile device 816 or 818, the wireless connector system 828 preferably repackages the data item in a manner that is transparent to the mobile device, so that information sent to and received by the mobile device appears similar to the information as stored on and accessible at the host system, LAN 806 in FIG. 8. One preferred repackaging method includes wrapping received messages to be sent via a wireless network 812, 814 in an electronic envelope that corresponds to the wireless network address of the mobile device 816, 818 to which the message is to be sent. Alternatively, other repackaging methods could be used, such as special-purpose TCP/IP wrapping techniques. Such repackaging preferably also results in e-mail messages sent from a mobile device 816 or 818 appearing to come from a corresponding host system account or mailbox 819 even though they are composed and sent from a mobile device. A user of a mobile device 816 or 818 may thereby effectively share a single e-mail address between a host system account or mailbox 819 and the mobile device.

[0081] Repackaging of the e-mail message 833 is indicated at 834 and 836. Repackaging techniques may be similar for any available transfer paths or may be dependent upon the particular transfer path, either the wireless infrastructure 810 or the wireless VPN router 832. For example, the e-mail message 833 is preferably compressed and encrypted, either before or after being repackaged at 834, to thereby effectively provide for secure transfer to the mobile device 818. Compression reduces the bandwidth required to send the message, whereas encryption ensures confidentiality of any messages or other information sent to mobile devices 816 and 818. In contrast, messages transferred via a VPN router 832 might only be compressed and not encrypted, since a VPN connection established by the VPN router 832 is inherently secure. Messages are thereby securely sent, via either encryption at the wireless connector system 828, which may be considered a non-standard VPN tunnel or a VPN-like connection for example, or the VPN router 832, to mobile devices 816 and 818. Accessing messages using a mobile device 816 or 818 is thus no less secure than accessing mailboxes at the LAN 806 using the desktop computer system 822.

[0082] When a repackaged message 834 or 836 arrives at a mobile device 816 or 818, via the wireless infrastructure 810, or via the wireless VPN router 832, the mobile device 816 or 818 removes the outer electronic envelope from the repackaged message 834 or 836, and performs any required decompression and decryption operations. Messages sent from a mobile device 816 or 818 and addressed to one or more recipients are preferably similarly repackaged, and possibly compressed and encrypted, and sent to a host system such as the LAN 806. The host system may then remove the electronic envelope from the repackaged message, decrypt and decompress the message if desired, and route the message to the addressed recipients.

[0083] Another goal of using an outer envelope is to maintain at least some of the addressing information in the original e-mail message 833. Although the outer envelope used to route information to mobile devices 816, 818 is addressed using a network address of one or more mobile devices, the outer envelope preferably encapsulates the entire original e-mail message 833, including at least one address field, possibly in compressed and/or encrypted form. This allows original “To”, “From” and “CC” addresses of the e-mail message 833 to be displayed when the outer envelope is removed and the message is displayed on a mobile device 816 or 818. The repackaging also allows reply messages to be delivered to addressed recipients, with the “From” field reflecting an address of the mobile device user's account or mailbox on the host system, when the outer envelope of a repackaged outgoing message sent from a mobile device is removed by the wireless connector system 828. Using the user's account or mailbox address from the mobile device 816 or 818 allows a message sent from a mobile device to appear as though the message originated from the user's mailbox 819 or account at the host system rather than the mobile device.

[0084] FIG. 9 is a block diagram of an alternative exemplary communication system, in which wireless communications are enabled by a component associated with an operator of a wireless network. As shown in FIG. 9, the system includes a computer system 802, WAN 804, a corporate LAN 807 located behind a security firewall 808, network operator infrastructure 840, a wireless network 811, and mobile devices 813 and 815. The computer system 802, WAN 804, security firewall 808, message server 820, data store 817, mailboxes 819, and VPN router 835 are substantially the same as the similarly-labelled components in FIG. 8. However, since the VPN router 835 communicates with the network operator infrastructure 840, it need not necessarily be a wireless VPN router in the system of FIG. 9. The network operator infrastructure 840 enables wireless information exchange between the LAN 807 and mobile devices 813, 815, respectively associated with the computer systems 842 and 852 and configured to operate within the wireless network 811. In the LAN 807, a plurality of desktop computer systems 842, 852 are shown, each having a physical connection 846, 856 to an interface or connector 848, 858. A wireless connector system 844, 854 is operating on or in conjunction with each computer system 842, 852.

[0085] The wireless connector systems 844, 854 are similar to the wireless connector system 828 described above, in that they enable data items, such as e-mail messages and other items that are stored in mailboxes 819, and possibly data items stored in a local or network data store, to be sent from the LAN 807 to one or more mobile devices 813, 815. In FIG. 9 however, the network operator infrastructure 840 provides an interface between the mobile devices 813, 815 and the LAN 807. As above, operation of the system shown in FIG. 9 will be described below in the context of an e-mail message as an illustrative example of a data item that may be sent to a mobile device 813, 815.

[0086] When an e-mail message 833, addressed to one or more recipients having an account on the message server 820, is received by the message server 820, the message, or possibly a pointer to a single copy of the message stored in a central mailbox or data store, is stored into the mailbox 819 of each such recipient. Once the e-mail message 833 or pointer has been stored to a mailbox 819, it may preferably be accessed using a mobile device 813 or 815. In the example shown in FIG. 9, the e-mail message 833 has been addressed to the mailboxes 819 associated with both desktop computer systems 842 and 852 and thus both mobile devices 813 and 815.

[0087] As those skilled in the art will appreciate, communication network protocols commonly used in wired networks such as the LAN 807 and/or the WAN 804 are not suitable for, or compatible with, the wireless network communication protocols used within wireless networks such as 811. For example, communication bandwidth, protocol overhead and network latency, which are primary concerns in wireless network communications, are less significant in wired networks, which typically have much higher capacity and speed than wireless networks. Therefore, mobile devices 813 and 815 cannot normally access the data store 817 directly. The network operator infrastructure 840 provides a bridge between the wireless network 811 and the LAN 807.

[0088] The network operator infrastructure 840 enables a mobile device 813, 815 to establish a connection to the LAN 807 through the WAN 804, and may, for example, be operated by an operator of the wireless network 811 or a service provider that provides wireless communication service for mobile devices 813 and 815. In a pull-based system, a mobile device 813, 815 may establish a communication session with the network operator infrastructure 840 using a wireless network compatible communication scheme, preferably a secure scheme such as Wireless Transport Layer Security (WTLS) when information should remain confidential, and a wireless web browser such as a Wireless Application Protocol (WAP) browser. A user may then request (through manual selection or pre-selected defaults in the software residing in the mobile device) any or all information, or just new information for example, stored in a mailbox 819 in the data store 817 at the LAN 807. The network operator infrastructure 840 then establishes a connection or session with a wireless connector system 844, 854, using HTTP over a secure transport (HTTPS) for example, if no session has already been established. As above, a session between the network operator infrastructure 840 and a wireless connector system 844, 854 may be made via a typical WAN connection or through the VPN router 835 if available. When time delays between receiving a request from a mobile device 813, 815 and delivering requested information back to the device are to be minimized, the network operator infrastructure 840 and the wireless connector systems 844, 854 may be configured so that a communication connection remains open once established. Note that WTLS protects only the leg between the mobile device and the network operator infrastructure 840, and HTTPS only the leg between the infrastructure 840 and the wireless connector system; the operator infrastructure handles the data in the clear between the two, so message content that must stay confidential from the operator should be encrypted end-to-end (for example with S/MIME or PGP, as described above) rather than relying on the transport alone.

[0089] In the system of FIG. 9, requests originating from mobile device A 813 and B 815 would be sent to the wireless connector systems 844 and 854, respectively. Upon receiving a request for information from the network operator infrastructure 840, a wireless connector system 844, 854 retrieves requested information from a data store. For the e-mail message 833, the wireless connector system 844, 854 retrieves the e-mail message 833 from the appropriate mailbox 819, typically through a messaging client operating in conjunction with the computer system 842, 852, which may access a mailbox 819 either via the message server 820 or directly. Alternatively, a wireless connector system 844, 854 may be configured to access mailboxes 819 itself, directly or through the message server 820. Also, other data stores, both network data stores similar to the data store 817 and local data stores associated with each computer system 842, 852, may be accessible to a wireless connector system 844, 854, and thus to a mobile device 813, 815.

[0090] If the e-mail message 833 is addressed to the message server accounts or mailboxes 819 associated with both computer systems 842 and 852 and devices 813 and 815, then the e-mail message 833 may be sent to the network operator infrastructure 840 as shown, at 860 and 862, which then sends a copy of the e-mail message to each mobile device 813 and 815, as indicated at 864 and 866. Information may be transferred between the wireless connector systems 844, 854 and the network operator infrastructure 840 via either a connection to the WAN 804 or the VPN router 835. When the network operator infrastructure 840 communicates with the wireless connector systems 844, 854 and the mobile devices 813, 815 via different protocols, translation operations may be performed by the network operator infrastructure 840. Repackaging techniques may also be used between the wireless connector systems 844, 854 and the network operator infrastructure 840, and between each mobile device 813, 815 and the network operator infrastructure 840.

[0091] Messages or other information to be sent from a mobile device 813, 815 may be processed in a similar manner, with such information first being transferred from a mobile device 813, 815 to the network operator infrastructure 840. The network operator infrastructure 840 may then send the information to a wireless connector system 844, 854 for storage in a mailbox 819 and delivery to any addressed recipients by the message server 820 for example, or may alternatively deliver the information to the addressed recipients.

[0092] The above description of the system in FIG. 9 relates to pull-based operations. The wireless connector systems 844, 854 and the network operator infrastructure 840 may instead be configured to push data items to mobile devices 813 and 815. A combined push/pull system is also possible. For example, a notification of a new message or a list of data items currently stored in a data store at the LAN 807 could be pushed to a mobile device 813, 815, which may then be used to request messages or data items from the LAN 807 via the network operator infrastructure 840.

[0093] If mobile devices associated with user accounts on the LAN 807 are configured to operate within different wireless networks, then each wireless network may have an associated wireless network infrastructure component similar to 840.

[0094] Although separate, dedicated wireless connector systems 844, 854 are shown for each computer system 842, 852 in the system of FIG. 9, one or more of the wireless connector systems 844, 854 may preferably be configured to operate in conjunction with more than one computer system 842, 852, or to access a data store or mailbox 819 associated with more than one computer system. For example, the wireless connector system 844 may be granted access to the mailboxes 819 associated with both the computer system 842 and the computer system 852. Requests for data items from either mobile device A 813 or B 815 may then be processed by the wireless connector system 844. This configuration may be useful to enable wireless communications between the LAN 807 and the mobile devices 813 and 815 without requiring a desktop computer system 842, 852 to be running for each mobile device user. A wireless connector system may instead be implemented in conjunction with the message server 820 to enable wireless communications.

[0095] FIG. 10 is a block diagram of another alternative communication system. The system includes a computer system 802, WAN 804, a corporate LAN 809 located behind a security firewall 808, an access gateway 880, data store 882, wireless networks 884 and 886, and mobile devices 888 and 890. In the LAN 809, the computer system 802, WAN 804, security firewall 808, message server 820, data store 817, mailboxes 819, desktop computer system 822, physical connection 824, interface or connector 826 and VPN router 835 are substantially the same as the corresponding components described above. The access gateway 880 and data store 882 provide mobile devices 888 and 890 with access to data items stored at the LAN 809. In FIG. 10, a wireless connector system 878 operates on or in conjunction with the message server 820, although a wireless connector system may instead operate on or in conjunction with one or more desktop computer systems in the LAN 809.

[0096] The wireless connector system 878 provides for transfer of data items stored at the LAN 809 to one or more mobile devices 888, 890. These data items preferably include e-mail messages stored in mailboxes 819 in the data store 817, as well as possibly other items stored in the data store 817 or another network data store or a local data store of a computer system such as 822.

[0097] As described above, an e-mail message 833 addressed to one or more recipients having an account on the message server 820 and received by the message server 820 may be stored into the mailbox 819 of each such recipient. In the system of FIG. 10, the external data store 882 preferably has a similar structure to, and remains synchronized with, the data store 817. PIM information or data stored at the data store 882 is preferably modifiable independently of the PIM information or data stored at the host system. In this particular configuration, the independently modifiable information at the external data store 882 may maintain synchronization of a plurality of data stores associated with a user (i.e., data on a mobile device, data on a personal computer at home, data at the corporate LAN, etc.). This synchronization may be accomplished, for example, through updates sent to the data store 882 by the wireless connector system 878 at certain time intervals, each time an entry in the data store 817 is added or changed, at certain times of day, or when initiated at the LAN 809, by the message server 820 or a computer system 822, at the data store 882, or possibly by a mobile device 888, 890 through the access gateway 880. In the case of the e-mail message 833 for example, an update sent to the data store 882 some time after the e-mail message 833 is received may indicate that the message 833 has been stored in a certain mailbox 819 in the store 817, and a copy of the e-mail message will be stored to a corresponding storage area in the data store 882. When the e-mail message 833 has been stored in the mailboxes 819 corresponding to the mobile devices 888 and 890 for example, one or more copies of the e-mail message, indicated at 892 and 894 in FIG. 10, will be sent to and stored in corresponding storage areas or mailboxes in the data store 882.
As shown, updates or copies of stored information in the data store 817 may be sent to the data store 882 via a connection to the WAN 804 or the VPN router 835. For example, the wireless connector system 878 may post updates or stored information to a resource in the data store 882 via an HTTP POST request. Alternatively, a secure protocol may be used, such as HTTPS, which carries HTTP over Secure Sockets Layer (SSL). Because the data store 882 is reachable from the WAN 804 and sits outside the security firewall 808, the copies held there do not enjoy the perimeter protection of the LAN 809; end-to-end encryption of the messages themselves, and the use of HTTPS rather than plain HTTP for the updates, are what protect their content. Those skilled in the art will appreciate that a single copy of a data item stored in more than one location in a data store at the LAN 809 may instead be sent to the data store 882. This copy of the data item could then be stored either in more than one corresponding location in the data store 882, or a single copy may be stored in the data store 882, with a pointer or other identifier of the stored data item being stored in each corresponding location in the data store 882.

[0098] The access gateway 880 is effectively an access platform, in that it provides mobile devices 888 and 890 with access to the data store 882. The data store 882 may be configured as a resource accessible on the WAN 804, and the access gateway 880 may be an ISP system or WAP gateway through which mobile devices 888 and 890 may connect to the WAN 804. A WAP browser or other browser compatible with the wireless networks 884 and 886 may then be used to access the data store 882, which is synchronized with the data store 817, and download stored data items either automatically or responsive to a request from a mobile device 888, 890. As shown at 896 and 898, copies of the e-mail message 833, which was stored in the data store 817, may be sent to the mobile devices 888 and 890. A data store (not shown) on each mobile device 888, 890 may thereby be synchronized with a portion, such as a mailbox 819, of a data store 817 on a corporate LAN 809. Changes to a mobile device data store may similarly be reflected in the data stores 882 and 817.

[0099] FIG. 11 is a block diagram of an example mobile device. The mobile device 100 is a dual-mode mobile device and includes a transceiver 1111, a microprocessor 1138, a display 1122, Flash memory 1124, random access memory (RAM) 1126, one or more auxiliary input/output (I/O) devices 1128, a serial port 1130, a keyboard 1132, a speaker 1134, a microphone 1136, a short-range wireless communications sub-system 1140, and may also include other device sub-systems 1142.

[0100] The transceiver 1111 includes a receiver 1112, a transmitter 1114, antennas 1116 and 1118, one or more local oscillators 1113, and a digital signal processor (DSP) 1120. The antennas 1116 and 1118 may be antenna elements of a multiple-element antenna, and are preferably embedded antennas. However, the systems and methods described herein are in no way restricted to a particular type of antenna, or even to wireless communication devices.

[0101] Within the Flash memory 1124, the device 100 preferably includes a plurality of software modules 1124A-1124N that can be executed by the microprocessor 1138 (and/or the DSP 1120), including a voice communication module 1124A, a data communication module 1124B, and a plurality of other operational modules 1124N for carrying out a plurality of other functions.

[0102] The mobile device 100 is preferably a two-way communication device having voice and data communication capabilities. Thus, for example, the mobile device 100 may communicate over a voice network, such as any of the analog or digital cellular networks, and may also communicate over a data network. The voice and data networks are depicted in FIG. 11 by the communication tower 1119. These voice and data networks may be separate communication networks using separate infrastructure, such as base stations, network controllers, etc., or they may be integrated into a single wireless network.

[0103] The transceiver 1111 is used to communicate with the network or networks 1119, and includes the receiver 1112, the transmitter 1114, the one or more local oscillators 1113 and may also include the DSP 1120. The DSP 1120 is used to send and receive signals to and from the antennas 1116 and 1118 through the receiver 1112 and the transmitter 1114, and may also provide control information to the receiver 1112 and the transmitter 1114. If the voice and data communications occur at a single frequency, or closely-spaced sets of frequencies, then a single local oscillator 1113 may be used in conjunction with the receiver 1112 and the transmitter 1114. Alternatively, if different frequencies are utilized for voice communications versus data communications for example, then a plurality of local oscillators 1113 can be used to generate a plurality of frequencies corresponding to the voice and data networks 1119. Information, which includes both voice and data information, is communicated to and from the transceiver 1111 via a link between the DSP 1120 and the microprocessor 1138.

[0104] The detailed design of the transceiver 1111, such as frequency band, component selection, power level, etc., will be dependent upon the communication network 1119 in which the mobile device 100 is intended to operate. For example, a mobile device 100 intended to operate in a North American market may include a transceiver 1111 designed to operate with any of a variety of voice and data communication networks, such as the Mobitex or DataTAC mobile data communication networks, AMPS, TDMA, CDMA, PCS, etc., whereas a mobile device 100 intended for use in Europe may be configured to operate with the GPRS data communication network and the GSM voice communication network. Other types of data and voice networks, both separate and integrated, may also be utilized with a mobile device 100.

[0105] Depending upon the type of network or networks 1119, the access requirements for the mobile device 100 may also vary. For example, in the Mobitex and DataTAC data networks, mobile devices are registered on the network using a unique identification number associated with each mobile device. In GPRS data networks, however, network access is associated with a subscriber or user of a mobile device. A GPRS device typically requires a subscriber identity module (“SIM”) in order to operate on a GPRS network. Local or non-network communication functions (if any) may be operable without the SIM, but a mobile device will be unable to carry out any functions involving communications over the data network 1119, other than any legally required operations, such as ‘911’ emergency calling.

[0106] After any required network registration or activation procedures have been completed, the mobile device 100 may then send and receive communication signals, including both voice and data signals, over the networks 1119. Signals received by the antenna 1116 from the communication network 1119 are routed to the receiver 1112, which provides for signal amplification, frequency down conversion, filtering, channel selection, etc., and may also provide analog to digital conversion. Analog to digital conversion of the received signal allows more complex communication functions, such as digital demodulation and decoding, to be performed using the DSP 1120. In a similar manner, signals to be transmitted to the network 1119 are processed, including modulation and encoding, for example, by the DSP 1120 and are then provided to the transmitter 1114 for digital to analog conversion, frequency up conversion, filtering, amplification and transmission to the communication network 1119 via the antenna 1118.

[0107] In addition to processing the communication signals, the DSP 1120 also provides for transceiver control. For example, the gain levels applied to communication signals in the receiver 1112 and transmitter 1114 may be adaptively controlled through automatic gain control algorithms implemented in the DSP 1120. Other transceiver control algorithms could also be implemented in the DSP 1120 in order to provide more sophisticated control of the transceiver 1111.

[0108] The microprocessor 1138 preferably manages and controls the overall operation of the mobile device 100. Many types of microprocessors or microcontrollers could be used here, or, alternatively, a single DSP 1120 could be used to carry out the functions of the microprocessor 1138. Low-level communication functions, including at least data and voice communications, are performed through the DSP 1120 in the transceiver 1111. Other, high-level communication applications, such as a voice communication application 1124A, and a data communication application 1124B may be stored in the Flash memory 1124 for execution by the microprocessor 1138. For example, the voice communication module 1124A may provide a high-level user interface operable to transmit and receive voice calls between the mobile device 100 and a plurality of other voice or dual-mode devices via the network 1119. Similarly, the data communication module 1124B may provide a high-level user interface operable for sending and receiving data, such as e-mail messages, files, organizer information, short text messages, etc., between the mobile device 100 and a plurality of other data devices via the networks 1119.

[0109] The microprocessor 1138 also interacts with other device subsystems, such as the display 1122, Flash memory 1124, RAM 1126, auxiliary input/output (I/O) subsystems 1128, serial port 1130, keyboard 1132, speaker 1134, microphone 1136, a short-range communications subsystem 1140 and any other device subsystems generally designated as 1142.

[0110] Some of the subsystems shown in FIG. 11 perform communication-related functions, whereas other subsystems may provide “resident” or on-device functions. Notably, some subsystems, such as keyboard 1132 and display 1122, may be used for both communication-related functions, such as entering a text message for transmission over a data communication network, and device-resident functions such as a calculator or task list or other PDA type functions.

[0111] Operating system software used by the microprocessor 1138 is preferably stored in a persistent store such as Flash memory 1124. In addition to the operating system, which controls low-level functions of the mobile device 100, the Flash memory 1124 may include a plurality of high-level software application programs, or modules, such as a voice communication module 1124A, a data communication module 1124B, an organizer module (not shown), or any other type of software module 1124N. These modules are executed by the microprocessor 1138 and provide a high-level interface between a user and the mobile device 100. This interface typically includes a graphical component provided through the display 1122, and an input/output component provided through the auxiliary I/O 1128, keyboard 1132, speaker 1134, and microphone 1136. The operating system, specific device applications or modules, or parts thereof, may be temporarily loaded into a volatile store, such as RAM 1126, for faster operation. Moreover, received communication signals may also be temporarily stored to RAM 1126, before permanently writing them to a file system located in a persistent store such as the Flash memory 1124.

[0112] An exemplary application module 1124N that may be loaded onto the mobile device 100 is a personal information manager (PIM) application providing PDA functionality, such as calendar events, appointments, and task items. This module 1124N may also interact with the voice communication module 1124A for managing phone calls, voice mails, etc., and may also interact with the data communication module for managing e-mail communications and other data transmissions. Alternatively, all of the functionality of the voice communication module 1124A and the data communication module 1124B may be integrated into the PIM module.

[0113] The Flash memory 1124 preferably also provides a file system to facilitate storage of PIM data items on the device. The PIM application preferably includes the ability to send and receive data items, either by itself, or in conjunction with the voice and data communication modules 1124A, 1124B, via the wireless networks 1119. The PIM data items are preferably seamlessly integrated, synchronized and updated, via the wireless networks 1119, with a corresponding set of data items stored or associated with a host computer system, thereby creating a mirrored system for data items associated with a particular user.

[0114] Decrypted session keys or other encryption accessing information is preferably stored on the mobile device 100 in a volatile and non-persistent store such as the RAM 1126. Such information may instead be stored in the Flash memory 1124, for example, when storage intervals are relatively short, such that the information is removed from memory soon after it is stored. However, storage of this information in the RAM 1126 or another volatile and non-persistent store is preferred, in order to ensure that the information is erased from memory when the mobile device 100 loses power. This prevents an unauthorized party from obtaining any stored encryption accessing information such as a decrypted session key by removing a memory chip from the mobile device 100, for example. Two practical qualifications apply. A key written to Flash memory 1124 and later deleted may survive in the underlying cells until they are actually rewritten, so the short-interval Flash variant should overwrite the key rather than merely unlink it. And the contents of RAM decay over a short interval after power is removed rather than vanishing at once, so the volatile store should also be cleared explicitly when a key's storage interval expires, instead of relying on power loss alone.

[0115] The mobile device 100 may be manually synchronized with a host system by placing the device 100 in an interface cradle, which couples the serial port 1130 of the mobile device 100 to the serial port of a computer system or device. The serial port 1130 may also be used to enable a user to set preferences through an external device or software application, or to download other application modules 1124N for installation. This wired download path may be used to load an encryption key onto the device, which is a more secure method than exchanging encryption information via the wireless network 1119. Interfaces for other wired download paths may be provided in the mobile device 100, in addition to or instead of the serial port 1130. For example, a USB port would provide an interface to a similarly equipped personal computer.

[0116] Additional application modules 1124N may be loaded onto the mobile device 100 through the networks 1119, through an auxiliary I/O subsystem 1128, through the serial port 1130, through the short-range communications subsystem 1140, or through any other suitable subsystem 1142, and installed by a user in the Flash memory 1124 or RAM 1126. Such flexibility in application installation increases the functionality of the mobile device 100 and may provide enhanced on-device functions, communication-related functions, or both. For example, secure communication applications may enable electronic commerce functions and other such financial transactions to be performed using the mobile device 100.

[0117] When the mobile device 100 is operating in a data communication mode, a received signal, such as a text message or a web page download, will be processed by the transceiver module 1111 and provided to the microprocessor 1138, which will preferably further process the received signal for output to the display 1122, or, alternatively, to an auxiliary I/O device 1128. A user of mobile device 100 may also compose data items, such as e-mail messages, using the keyboard 1132, which is preferably a complete alphanumeric keyboard laid out in the QWERTY style, although other styles of complete alphanumeric keyboards such as the known DVORAK style may also be used. User input to the mobile device 100 is further enhanced with a plurality of auxiliary I/O devices 1128, which may include a thumbwheel input device, a touchpad, a variety of switches, a rocker input switch, etc. The composed data items input by the user may then be transmitted over the communication networks 1119 via the transceiver module 1111.

[0118] When the mobile device 100 is operating in a voice communication mode, the overall operation of the mobile device is substantially similar to the data mode, except that received signals are preferably output to the speaker 1134 and voice signals for transmission are generated by a microphone 1136. Alternative voice or audio I/O subsystems, such as a voice message recording subsystem, may also be implemented on the mobile device 100. Although voice or audio signal output is preferably accomplished primarily through the speaker 1134, the display 1122 may also be used to provide an indication of the identity of a calling party, the duration of a voice call, or other voice call related information. For example, the microprocessor 1138, in conjunction with the voice communication module and the operating system software, may detect the caller identification information of an incoming voice call and display it on the display 1122.

[0119] A short-range communications subsystem 1140 may also be included in the mobile device 100. For example, the subsystem 1140 may include an infrared device and associated circuits and components, or a short-range RF communication module such as a Bluetooth™ module or an 802.11 module to provide for communication with similarly-enabled systems and devices. Those skilled in the art will appreciate that “802.11” refers to a set of specifications for wireless local area networks available from the Institute of Electrical and Electronics Engineers (IEEE), and that “Bluetooth” refers to the wireless personal area network specifications published by the Bluetooth Special Interest Group, later also adopted by the IEEE as 802.15.1.

1. A method for processing encrypted messages at a wireless mobilecommunication device, comprising the steps of: receiving at the wirelessmobile communication device an encrypted message comprising at least oneencrypted session key and encrypted content; accessing the encryptedmessage; identifying an individual encrypted session key associated withthe wireless mobile communication device; decrypting the individualencrypted session key; and storing the decrypted session key to memory;wherein the stored decrypted session key is used to decrypt theencrypted content of the encrypted message where the encrypted contentis subsequently accessed.
 2. The method of claim 1, wherein theencrypted message is received by the wireless mobile communicationdevice through a wireless infrastructure and a wireless network.
 3. Themethod of claim 2, wherein a message server transmits the encryptedmessage through the wireless infrastructure and the wireless network tothe wireless mobile communication device.
 4. The method of claim 3,wherein the message server receives the encrypted message from a messagesender.
 5. The method of claim 4, wherein the wireless mobilecommunication device requests in a pull message access scheme thatstored messages be forwarded by the message server to the wirelessmobile communication device.
 6. The method of claim 4, wherein themessage server routes the encrypted message to the wireless mobilecommunication device when the encrypted message is received at themessage server, and wherein the encrypted message is addressed by themessage sender using a specific e-mail address associated with thewireless mobile communication device.
 7. The method of claim 4, whereinthe message server redirects the encrypted message to the wirelessmobile communication device.
 8. The method of claim 7, wherein, beforethe encrypted message is redirected to the wireless mobile communicationdevice, a redirection program re-envelopes the encrypted message so asto maintain the addressing information of the encrypted message.
 9. Themethod of claim 8, wherein the redirection program re-envelopes theencrypted message so as to allow a reply message generated by thewireless mobile communication device to reach the message sender. 10.The method of claim 1, further comprising, after the step ofidentifying, the steps of: determining whether the encrypted session keyhas been decrypted and stored to the memory; and retrieving thedecrypted session key from the memory and using the stored decryptedsession key to decrypt the encrypted content of the encrypted contentwhere the encrypted session key has been decrypted and stored to thememory.
 11. The method of claim 10, wherein the steps of decrypting andstoring are performed where the encrypted session key has not beendecrypted and stored to the memory.
 12. The method of claim 1, whereincertificate information of a user of the wireless mobile communicationdevice is transferred to the wireless mobile communication devicethrough a wireless communication module.
 13. The method of claim 1,wherein certificate revocation lists are transferred to the wirelessmobile communication device through a wireless communication module. 14.The method of claim 1, wherein a message server transmits the encryptedmessage through a wireless infrastructure and a wireless network to thewireless mobile communication device, wherein the encrypted messagecomprises a plurality of encrypted session keys, wherein the messageserver determines the encrypted session key associated with the wirelessmobile communication device, and wherein the message server reorganizesthe encrypted message such that the encrypted message is sent to thewireless mobile communication device without containing at least oneencrypted session key that is not associated with the wireless mobilecommunication device.
 15. The method of claim 14, wherein encryptedmessage comprises a digital signature, and wherein the message serververifies the digital signature and sends to the wireless mobilecommunication device a result of the digital signature verification. 16.The method of claim 1, wherein the encrypted message comprises aplurality of encrypted session keys, wherein the encrypted session keysare associated with different recipients, and wherein the encryptedmessage is reorganized prior to transmission to the wireless mobilecommunication device containing only the encrypted session keyassociated with the wireless mobile communication device.
17. The method of claim 16, wherein the encrypted message comprises a digital signature, and wherein the message server verifies the digital signature and sends to the wireless mobile communication device the result of the digital signature verification.
18. The method of claim 1, wherein the encrypted session key is a one-time session key that is generated and used for the encrypted message.
19. The method of claim 18, wherein the session key was encrypted using a public key associated with the wireless mobile communication device.
20. The method of claim 19, wherein the encrypted message was addressed to a plurality of recipients, and wherein the same session key is encrypted using a public key associated with each recipient.
21. The method of claim 1, wherein the encrypted content was encrypted using a session key and encryption algorithm, and wherein a public key cryptographic algorithm was used to encrypt the session key to generate the encrypted session key.
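The server-side reorganization of claims 14 to 21, as an added example written for this page and not code from the patent or its assignee: the sender generates a one-time session key, encrypts the content once, wraps that same session key separately for each recipient and signs the message; the message server keeps only the wrapped key belonging to the mobile device, verifies the signature, and forwards the slimmed message with the verification result attached. The cryptography is a toy stand-in (a SHAKE-256 keystream XOR for both content encryption and key wrapping, and an HMAC in place of a public-key signature) so that it runs on the Python standard library alone; the message layout, the recipient and sender identifiers, and every function name are assumptions, not S/MIME or OpenPGP structures.

```python
"""Message-server reorganization of a multi-recipient encrypted message (added example)."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional


def xor_with_key(key: bytes, data: bytes) -> bytes:
    # Toy symmetric cipher: XOR against a SHAKE-256 keystream. Symmetric, so it also decrypts.
    # Stands in for the content cipher and for the public-key wrapping of the session key.
    return bytes(a ^ b for a, b in zip(data, hashlib.shake_256(key).digest(len(data))))


def sign(signer_secret: bytes, content: bytes) -> bytes:
    # Toy stand-in for a public-key digital signature over the encrypted content.
    return hmac.new(signer_secret, content, hashlib.sha256).digest()


@dataclass
class EncryptedMessage:
    sender: str
    encrypted_session_keys: dict      # recipient id -> the session key wrapped for that recipient
    encrypted_content: bytes
    signature: bytes
    signature_verified: Optional[bool] = None  # filled in by the server before forwarding (claim 15)


def build_message(sender: str, sender_secret: bytes, recipient_secrets: dict, plaintext: bytes) -> EncryptedMessage:
    session_key = secrets.token_bytes(16)       # one-time key used only for this message (claim 18)
    ciphertext = xor_with_key(session_key, plaintext)
    # The same session key is wrapped once per recipient (claim 20); the per-recipient secrets
    # are an assumption standing in for the public keys in the recipients' certificates.
    wrapped = {rid: xor_with_key(rsecret, session_key) for rid, rsecret in recipient_secrets.items()}
    return EncryptedMessage(sender, wrapped, ciphertext, sign(sender_secret, ciphertext))


def reorganize_for_device(msg: EncryptedMessage, device_id: str, sender_verification_secret: bytes) -> EncryptedMessage:
    """Server side: keep only the device's wrapped key and attach the signature result (claims 14-17)."""
    if device_id not in msg.encrypted_session_keys:
        raise KeyError(f"no session key wrapped for {device_id}")
    expected = sign(sender_verification_secret, msg.encrypted_content)
    verified = hmac.compare_digest(expected, msg.signature)
    return EncryptedMessage(
        sender=msg.sender,
        encrypted_session_keys={device_id: msg.encrypted_session_keys[device_id]},
        encrypted_content=msg.encrypted_content,
        signature=msg.signature,
        signature_verified=verified,
    )


def device_decrypt(msg: EncryptedMessage, device_id: str, device_secret: bytes) -> bytes:
    # Device side: unwrap its own session key, then decrypt the content with it (claim 21).
    session_key = xor_with_key(device_secret, msg.encrypted_session_keys[device_id])
    return xor_with_key(session_key, msg.encrypted_content)


def wire_size(msg: EncryptedMessage) -> int:
    # Bytes the device would have to receive over the air for this message.
    keys = sum(len(k) for k in msg.encrypted_session_keys.values())
    return len(msg.encrypted_content) + len(msg.signature) + keys


def demo() -> dict:
    # Constructed sample: three recipients, one of which is the mobile device.
    recipient_secrets = {
        "alice-desktop": b"alice desktop key",
        "alice-mobile": b"alice mobile key",
        "bob": b"bob key",
    }
    sender_secret = b"carol signing key"
    plaintext = b"Q3 figures attached; do not forward."
    original = build_message("carol@example.com", sender_secret, recipient_secrets, plaintext)
    forwarded = reorganize_for_device(original, "alice-mobile", sender_secret)
    # A message altered in transit must fail verification at the server.
    flipped = bytes([original.encrypted_content[0] ^ 0xFF]) + original.encrypted_content[1:]
    tampered = EncryptedMessage(original.sender, original.encrypted_session_keys, flipped, original.signature)
    return {
        "original_keys": len(original.encrypted_session_keys),
        "forwarded_keys": len(forwarded.encrypted_session_keys),
        "bytes_saved": wire_size(original) - wire_size(forwarded),
        "verified": forwarded.signature_verified,
        "plaintext": device_decrypt(forwarded, "alice-mobile", b"alice mobile key"),
        "tampered_verified": reorganize_for_device(tampered, "alice-mobile", sender_secret).signature_verified,
    }


if __name__ == "__main__":
    print(demo())
```

The point of the reorganization is that the device receives and parses only the one wrapped key it can use, and that signature verification, which on the device would mean another public-key operation, is done once on the server. Note that the device is then trusting the server's verdict; in a real deployment that trust is only as good as the transport between server and device.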
22. The method of claim 1, wherein the encrypted message was encrypted using Secure Multipurpose Internet Mail Extensions (S/MIME) techniques.
23. The method of claim 1, wherein the encrypted message was encrypted using Pretty Good Privacy techniques.
24. The method of claim 1, wherein the encrypted message was encrypted using OpenPGP techniques.
25. The method of claim 1, wherein the encrypted message comprises a digital signature.
26. The method of claim 1, wherein the encrypted message comprises an e-mail message.
27. The method of claim 1, wherein the decrypted session key is removed from the memory after a preselected time has elapsed.
28. The method of claim 27, wherein the preselected time is selected by the user.
29. The method of claim 1, wherein the decrypted session key is removed from the memory based upon a characteristic associated with the encrypted message.
30. The method of claim 29, wherein the decrypted session key is removed from the memory based upon electrical power being removed from the wireless mobile communication device.
31. The method of claim 29, wherein the characteristic comprises the identity of a sender of the encrypted message.
32. The method of claim 31, wherein the identity of the sender of the encrypted message comprises an e-mail address of the sender.
33. The method of claim 1, wherein the decrypted session key is removed from the memory based upon a sensitivity level of the encrypted message.
34. The method of claim 33, wherein the sensitivity level is determined based upon a subject line contained within the encrypted message.
35. The method of claim 33, wherein the sensitivity level is determined based upon the encrypted content.
36. The method of claim 1, further comprising the step of: setting a disabling flag so that the decrypted session key is not continuously stored in the memory for use in additional accesses of the encrypted content.
37. The method of claim 1, further comprising the step of: setting a disabling flag so that the decrypted session key is removed from the memory after accessing the encrypted content.
38. The method of claim 1, wherein the decrypted session key is stored to a volatile memory of the wireless mobile communication device.
39. The method of claim 1, wherein the decrypted session key is stored to a volatile and non-persistent memory of the wireless mobile communication device.
40. The method of claim 1, wherein the decrypted session key is stored to a random access memory (RAM) of the wireless mobile communication device.
41. The method of claim 1, wherein a user of the wireless mobile communication device enters security information in order to have the encrypted session key decrypted.
42. The method of claim 41, wherein the security information comprises a password.
43. Computer software stored on a computer readable medium, the computer software comprising program code for carrying out a method that processes an encrypted message at a wireless mobile communication device when the encrypted message is accessed, said encrypted message containing at least one encrypted session key and encrypted content, said method comprising the steps of: identifying an individual encrypted session key associated with the wireless mobile communication device where the encrypted message is accessed by the means for accessing; decrypting the individual encrypted session key; storing the decrypted session key to memory; and using the stored decrypted session key to decrypt the encrypted content where the encrypted content is accessed multiple times.
44. An apparatus on a wireless mobile communication device for handling multiple accesses to encrypted content, wherein an encrypted message includes the encrypted content and further includes encryption accessing information that has an association with the encrypted message, and wherein the encrypted message is transmitted to the wireless mobile communication device, the apparatus comprising: a storage software module that stores the encryption accessing information in memory which is volatile and non-persistent, wherein the encryption accessing information allows access to the encrypted content; and an accessing software module that retrieves from the memory the encryption accessing information, wherein the retrieved encryption accessing information is used to decrypt the encrypted content where the encrypted content is accessed multiple times.
45. The apparatus of claim 44, wherein the encryption accessing information comprises a session key.
46. The apparatus of claim 44, wherein the encrypted message further comprises a digital signature, wherein the storage software module is configured to store, in the memory, verification information about the digital signature, and wherein the accessing software module is configured to retrieve from the memory the verification information when the encrypted content is accessed multiple times.
47. The apparatus of claim 46, further comprising a data structure stored in the memory for containing the verification information and the encryption accessing information.
48. The apparatus of claim 47, wherein the data structure includes an association that is indicative of which encryption accessing information is associated with which of a plurality of encrypted messages.
49. The apparatus of claim 48, wherein the data structure includes an association that is indicative of which verification information is associated with which of the plurality of encrypted messages.
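The device-side caching of claims 10, 11 and 27 to 49, as an added example written for this page and not the patent's or any vendor's code: the first access to a message needs the user's password to unlock the device's private key and unwrap the session key; the decrypted session key, together with the signature-verification result the server forwarded, is kept in a RAM-only structure keyed by message identifier; later accesses reuse it without the password; and an entry is dropped after a preselected time, on power loss, when a disabling flag is set, or never stored at all because of the sender or the message's sensitivity. The cipher is the same toy SHAKE-256 keystream XOR as above; the message identifiers, the password check, the subject-line sensitivity rule, the injectable clock and all names are assumptions made for illustration.

```python
"""Device-side cache of decrypted session keys with eviction rules (added example)."""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional


def xor_with_key(key: bytes, data: bytes) -> bytes:
    # Toy cipher (SHAKE-256 keystream XOR) standing in for content decryption and key unwrapping.
    return bytes(a ^ b for a, b in zip(data, hashlib.shake_256(key).digest(len(data))))


@dataclass
class IncomingMessage:
    msg_id: str
    sender: str
    subject: str
    encrypted_session_key: bytes               # the one wrapped key the server kept for this device
    encrypted_content: bytes
    signature_verified: Optional[bool] = None  # verification result forwarded by the server


@dataclass
class CacheEntry:
    session_key: bytes
    signature_verified: Optional[bool]         # kept alongside the key (claims 46-49)
    stored_at: float


def is_sensitive(msg: IncomingMessage) -> bool:
    # Assumed policy for claim 34: a marker in the subject line makes the message sensitive.
    return "confidential" in msg.subject.lower()


class SessionKeyCache:
    """Process-memory-only store keyed by message id; never written to persistent storage (claims 38-40)."""

    def __init__(self, clock, ttl_seconds: Optional[float] = None, never_cache_senders=()):
        self._clock = clock                                    # injectable so expiry is testable
        self._ttl = ttl_seconds                                # preselected lifetime (claims 27-28)
        self._never_cache_senders = set(never_cache_senders)   # sender-based rule (claims 31-32)
        self._entries: dict = {}

    def lookup(self, msg_id: str) -> Optional[CacheEntry]:
        entry = self._entries.get(msg_id)
        if entry is None:
            return None
        if self._ttl is not None and self._clock() - entry.stored_at >= self._ttl:
            del self._entries[msg_id]                          # preselected time elapsed (claim 27)
            return None
        return entry

    def store(self, msg: IncomingMessage, session_key: bytes, disable_caching: bool = False) -> bool:
        if disable_caching or msg.sender in self._never_cache_senders or is_sensitive(msg):
            return False                                       # claims 36-37, 31-32 and 33-34
        self._entries[msg.msg_id] = CacheEntry(session_key, msg.signature_verified, self._clock())
        return True

    def power_off(self) -> None:
        self._entries.clear()                                  # volatile memory loses contents (claim 30)

    def __len__(self) -> int:
        return len(self._entries)


class Device:
    def __init__(self, device_secret: bytes, password: str, cache: SessionKeyCache):
        self._device_secret = device_secret   # stands in for the private key behind the device certificate
        self._password = password
        self.cache = cache

    def open_message(self, msg: IncomingMessage, password: Optional[str] = None, disable_caching: bool = False):
        """Return (plaintext, signature_verified, cache_hit); the password is needed only on a cache miss."""
        entry = self.cache.lookup(msg.msg_id)
        if entry is not None:
            return xor_with_key(entry.session_key, msg.encrypted_content), entry.signature_verified, True
        if password is None or not hmac.compare_digest(password, self._password):
            raise PermissionError("password required to unlock the private key")   # claims 41-42
        session_key = xor_with_key(self._device_secret, msg.encrypted_session_key)
        self.cache.store(msg, session_key, disable_caching)
        return xor_with_key(session_key, msg.encrypted_content), msg.signature_verified, False


class FakeClock:
    def __init__(self) -> None:
        self.now = 0.0

    def __call__(self) -> float:
        return self.now

    def advance(self, seconds: float) -> None:
        self.now += seconds


def make_message(msg_id, sender, subject, device_secret, session_key, plaintext) -> IncomingMessage:
    # Constructed sample, shaped as the message server would forward it to the device.
    return IncomingMessage(msg_id, sender, subject, xor_with_key(device_secret, session_key),
                           xor_with_key(session_key, plaintext), signature_verified=True)
```

Two design points worth checking in any real implementation of this scheme: the cache must live only in memory that is cleared on power loss or device lock (a persisted cache turns a one-time password prompt into a permanent bypass of the private key), and the cached signature verdict is only meaningful if it is bound to the same message identifier as the session key, which is what the per-message `CacheEntry` enforces here.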